RTC07: Extortion, hate-crimes, and fraud

This is one of a multi-part series. For other instalments, see Romancing the code: Ashley’s Angels and internet demons.

As I mentioned in the previous post, it would be possible to debate the ethical and moral minefields surrounding the respective rights and wrongs of Ashley Madison, the adulterous users, and the Impact Team, and at the end of it we might still be no closer to deciding if it’s acceptable to use morally ambiguous methods to expose morally ambiguous (or possibly criminal) behaviour.

What is clear, however, is that the leak had wide-ranging consequences beyond simple embarrassment. From the moment the data was leaked, amateur and professional crackers went to work on the database containing some thirty-six million password hashes.

RTC06: The internet’s long memory

This is one of a multi-part series. For other instalments, see Romancing the code: Ashley’s Angels and internet demons.

Interestingly (from a legal perspective), the tables of data seem to suggest that thousands of users had paid a $20 (£15) fee to have their records permanently deleted from the site, but that this had not been (completely) carried out.

Using a quick, crude inner-join search where the email field contained “deleted”, I extracted a little over 102,000 accounts. Some twenty or so accounts seemed to have been “deleted” by users simply logging in, removing all their details, and putting addresses like deleted@deleted.com in the email field. However, the overwhelming majority of the results had deleted@almlabs.com (or in two cases, deleted@almlab.com) as the email address. Most also had other fields that had been marked as deleted in some way too, but the actual completeness of that deletion was extremely inconsistent.

Voices in the wires: analysing speech in video and audio

So you have a video or an audio sample of speech, and you’d like to know more about the speaker?

Well, forms of speech analysis have been a staple part of linguistics for millennia (really – there’s evidence of it right back to the 4th century BCE), but in more recent times, it has started to feature increasingly prominently in police and government agency investigations. Just two notable instances include the hoax recording in the Yorkshire Ripper murder case in the late 1970s and the London accent in the terrorist video of James Foley’s beheading in 2014. However, speech analysis is a surprisingly broad and diverse area. There are as many ways to analyse speech as there are reasons to do so. This post therefore attempts the impossible: to give an extremely brief, but still-useful summary of the various disciplines alongside pointers towards experts in each area.

RTC05: Hitting a nerve

This is one of a multi-part series. For other instalments, see Romancing the code: Ashley’s Angels and internet demons.

The AM leak triggered an interesting debate about the murky waters of using illegal methods to expose immoral behaviour and unethical practices. On the one hand, it became apparent in subsequent investigations that, at the very least, Ashley Madison’s former CTO, Raja Bhatia, had been examining the security of a rival site, nerve.com. This was a site that ALM was contemplating purchasing, and notably, Bhatia had not worked for AM for two years at the time of these emails.

Using a personal address, on Friday 30th November, at around mid-morning, Bhatia emailed Biderman, and at the end of a message on other topics, he finished with:

Also nerve’s dating site has a huge security hole….
